Microsoft announced that two of its security services, Azure Front Door and Azure Firewall have been updated with improvements. Azure Front Door now comes with two new products in the preview stage, Standard and premium, while Azure Firewall has a Premium option in the preview stage as well.
The company conducted a web presentation titled “Modernize Your Network Security Strategy” on Feb…
Aspredicted by IDC, there will be 55.7 billion connected devices worldwide by 2025, out of which 75% will be connected to an IoT platform. To communicate securely, each machine needs a unique identity to authenticate and secure communications. Machines are identified by digital certificates that are assigned by dedicated Certification Authorities (CA), which encrypts the data for machines…
Active Directory’s architectural limitations taken advantage of during Solorigate, says CrowdStrike CEO
April 9, 2021
During the Feb 23rd senate hearing on SolarWinds Orion software hack, George Kurtz, president, and CEO of CrowdStrike pointed towards an ‘architectural limitation’ in Active Directory federation Service that was taken advantage of during the attack.
“Significantly, one of the most sophisticated aspects of the StellarParticle campaign was how skillfully the threat actor took advantage of…
Microsoft is helping organizations that are investigating whether they are victims of the Solorigate attack by offering them a free tool, the CodeQL queries that the company used to scan its source code for after the attack. the queries Microsoft used with CodeQL identify any code that is similar in pattern and function to the SolarWinds malware. So, these queries can be used on any software to do…
In a historic settlement, the French government doled out a fine of €50 million penalty in March 2020 for failing to be transparent to it’s users about the personal data that it collected from its services and products.
In a similar fashion, Italian telecommunication giant, Telecom Italia, was also awarded aGDPR fine of $31.5 million or €27.8 million by the Italian Data…
Microsoft recently released a couple of new additional features to its Azure AD system. The new features, namely My Apps Collections and Risk Detections will let end users create their own set of apps in the Azure AD “My Apps” portal. The latter feature will help administrators spot sign-in anomalies. However, Microsoft also announced that some Azure AD features will also be discontinued.
A…
Microsoft’s Password Management Capabilities in Authenticator App Made Available to General Use
April 9, 2021
Microsoft recently announced the release of new features such as “password management and autofill capability” in their Authenticator app for mobile devices. The app also supports two-factor authentication and is compatible on both Android and iOS devices.
The feature that allows users to use the Microsoft Authenticator app to save passwords and automatically populate sign-in fields was in…
On March 2, Microsoft released emergency security updates to plug four security loopholes in Exchange Server versions 2013 through 2019. Chinese state-sponsored cyber-espionage unit was using these security loopholes to sniff into email conversations of victim organizations.
At least 30,000 organizations in the United States alone are believed to be hacked by the espionage group to siphon email…
VMware patches critical RCE vulnerability that allowed attackers to execute code remotely
April 9, 2021
VMware has patched up multiple critical remote code execution (RCE) vulnerability in its ESXi, vCenter Server, and Cloud foundation products. The flaw would allow attackers to run codes and affect systems remotely. This vulnerability, tracked as CVE-2021-21972, is critical in severity as it has a CVSS score of 9.8 out of a maximum of 10.
The company said in its advisory that “A malicious…
In 2020, half of all phishing emails used Microsoft Office-themed content to lure in unsuspecting victims and swipe their credentials, according to a Tuesday report by Cofense. The company analyzed millions of attack-related emails and concluded that 57% of the mails were phishing emails with the intent to steal credentials, while the rest were used for planting malware in the user’s systems or…